Petraeus Affair: 7 Privacy Techniques To Avoid Trouble

A number of off-the-shelf technologies can help
keep online communications private -- but beware the limits.

Who Is Hacking U.S. Banks? 8 Facts

(click image for larger view and for slideshow)

Pop quiz: Who said the following?

"We have to rethink our notions of identity and secrecy. ... Every byte left behind reveals information about location, habits, and, by extrapolation, intent and probable behavior. The number of data points that can be collected is virtually limitless -- presenting, of course, both enormous intelligence opportunities and equally large counterintelligence challenges."

It was a "byte left behind," and then some, that ultimately led to Petraeus' resignation from the CIA. Briefly, his mistress and biographer Paula Broadwell sent emails -- allegedly of a threatening nature -- to Jill Kelley, a friend of Petraeus whom she saw as a rival. Tracing back the emails, FBI investigators identified Broadwell, found that she had classified information on her home PC, and also found that she was communicating with a third party using draft Gmail email messages, with both parties separately logging into the site, reading and erasing the previous message, and leaving a new one. Ultimately, the FBI identified Petraeus as the third party in question.

One of the many perplexing questions in this story remains technological: Couldn't the director of the CIA think of a better way to coordinate his liaisons than using a free webmail service? From a bigger-picture standpoint, meanwhile, the scandal raises this security question: Can two people communicate securely online, without a third party being able to intercept their communications, or even see that they're communicating?

Here are seven related facts:

1. Techniques For Swapping Secret Messages Abound.

The techniques for sending secret communications, or indicating a desire to communicate, are endless. There's Magic ink. Creating rudimentary codes to transmit communications via seemingly innocuous messages, such as making only the first letter of a sentence "count." Taping an "X" to your window. Using a "dead drop" to leave a message in a predefined physical location. Leaving coded messages on Craigslist.

2. Burner Phones Make Traceability, Attribution Difficult.

When there's the threat of having your communications traced, every fan of The Wire or Breaking Bad knows about burner cell phones. Buy cell phones using cash, use them to communicate -- by voice or text message -- for a finite period of time, and then replace them with different phones. Anyone trying to follow your trail will have difficulty reconstructing the entire pattern of communication.

3. Numerous Technologies Offer Secure Communications.

Many technologies promise to encrypt digital communications so they can't be intercepted. Use Zip files, encrypted with a passphrase that's been agreed in advance, and swap them via email. Similarly, technologies such as PGP, or the open-source GPG alternative, enable emails to be encrypted, as do a number of other webmail services. Meanwhile, Wickr provides for self-destructing messages, while for secure voice communications, look to Silent Circle from PGP creator Phil Zimmermann for Android and iOS, or Whisper Systems for Android.

Although these services might hide the message, they won't disguise that the sender and receiver have been communicating. For that, the Tor Project's anonymizing networks offer the opportunity to mask the fact that communications are occurring at all.

4. Hide Data In Pictures, Videos.

Another widely used technique for hiding communications involves the practice of steganography. In the digital realm, it means hiding information inside files -- for example, in digital pictures or Sodoku images.

Based on a 2006 Department of Justice criminal complaint filed against eight people who were allegedly working as agents for Russia's foreign intelligence service, known as SVR or "Moscow Center," the practice of steganography might be in widespread use by intelligence agencies. "Moscow Center uses steganographic software that is not commercially available. The software package permits the SVR clandestinely to insert encrypted data in images that are located on publicly-available websites without the data being visible," according to the complaint. "The encrypted data can be removed from the image, and then decrypted, using SVR-provided software."

5. Beware VPNs.

When it comes to hiding the fact that two parties are in communication, beware VPNs. Many Anonymous and LulzSec suspects learned the hard way after using VPN services such as HideMyAss.com that VPN providers keep access records, and tend to comply with court orders requiring them to share those records. In other words, VPNs will secure your communications, but don't count on it to cover your tracks.

6. Avoid Free Webmail Services.

It's a bad idea, as Broadwell and Petraeus discovered, to rely on free webmail services to provide secure communications or cover your tracks. "Webmail providers like Google, Yahoo and Microsoft retain login records (typically for more than a year) that reveal the particular IP addresses a consumer has logged in from," said Christopher Soghoian, principal technologist and senior policy analyst for the ACLU Speech, Privacy and Technology Project, in a blog post.

Those records helped the FBI trace the anonymous emails sent from Broadwell to Kelley back to the sender. "Although Ms. Broadwell took steps to disassociate herself from at least one particular email account, by logging into other email accounts from the same computer (and IP address), she created a data trail that agents were able to use to link the accounts," he said.

7. With Eavesdropping, All Bets Are Off.

There's a big caveat with the use of any digital security tool or technique, whether it's PGP, GPG, Tor, or steganography. Namely, if a third party -- your government, a foreign intelligence service, unscrupulous competitors -- sneaks a keylogger or Trojan application onto your PC, they can see every message or voice communication you initiate or receive, full stop.

That was the beauty of the Flame malware, which was allegedly built by the U.S. government for spying purposes, and which wasn't detectable by antivirus software for a significant length of time after it was first deployed. Using world-class crypto, Flame's creators were able to spoof Microsoft Update and automatically install their software on targeted PCs. For a target that's connected to the Internet, is there any way to reliably defend against that?

Likewise, last year's compromise of digital certificate registrar DigiNotar would have allowed attackers to generate fraudulent digital certificates for Facebook, Google, Microsoft, Skype, Twitter, and WordPress, as well as the CIA, MI6, and Mossad intelligence services, and the Tor Project. As a result, the attackers -- who were likely allied with the Iranian government -- could have launched man-in-the-middle attacks that allowed them to eavesdrop on all communications made through those websites or services, for any country-wide network they controlled.

Curious Choices For Spy Chief

With so much secure communications technology on offer, why did Petraeus choose a hidden Gmail account for coordinating his affair? The likely answer is that because Petraeus' extracurricular activities related solely to the marital, not espionage, realm, he thought simple track covering would suffice. Then again, security also involves a tradeoff between protection and usability -- easier to use typically means less secure, and harder to use means more secure -- and Petraeus and Broadwell might have simply opted for a simple communications technique. "It strikes me that the recent downfall of the CIA director speaks less to his tradecraft than the usability of encryption/anonymity tools," said Canadian privacy researcher Christopher Parsons via Twitter.

Beyond the scarcity of reliable communications techniques that are both secure and invisible, what the Petraeus scandal has also highlighted is that when authorities begin investigating your electronic communications, the game can quickly be over, sometimes with nary a warrant or subpoena being required.

Regardless, with the array of techniques available for clandestine communications, one of the strangest aspects to the scandal -- for many -- remains a spy chief's apparent lack of security finesse when it came to cloaking his own identity.

Published: 2015-03-31The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly handled when checking out a working tree.